ICO call for views on a direct marketing code of practice 


CO. 


lntormation Commisskaner's Office 


It is important that organisations ensure their marketing activities are compliant with data 
protection legislation (the General Data Protection Regulation and Data Protection Act 2018) 
and, where necessary, the Privacy and Electronic Communications Regulations 2003 (PECR). 


The new code of practice will build on our current direct marketing guidance and address the 
aspects of the new legislation relevant to direct marketing such as transparency and lawful 
bases for processing, as well as covering the rules on electronic marketing (for example 
emails, text messages, phone calls) under PECR. 


The European Union is in the process of replacing the current e-privacy law (and therefore 
PECR) with a new ePrivacy Regulation (ePR). However the new ePR is yet to be agreed and 
there is no certainty about what the final rules will be. Because of this we intend for the 
direct marketing code to only cover the current PECR rules until the ePR is agreed. Once the 
ePR is finalised and the UK position in relation to it is clear we will produce an updated 
version of the code which takes this into account as appropriate. 


Please send us your views by 24 December 2018. 


Privacy statement 


For this call for views we will publish responses received from organisations but will remove 
any personal data before publication. We will not publish responses from individuals. For 
more information about what we do with personal data please see our privacy notice. 


Q1 


The code will address the changes in data protection legislation and the implications 


for direct marketing. What changes to the data protection legislation do you think we 
should focus on in the direct marketing code? 


Simplicity. The current GDPR/PECR are 100x too complicated for marketers and data 
subjects alike. You need to publish standard data processing addendum contacts for 
marketers and standard privacy statements for websites to use. It is ridiculous that 
these are not standard: expensive for marketers and for data subjects it defeats a 
main aim of recent data protection and privacy protection - putting data subjects in 
control. The standard statements for data subjects must be short enough that 
people can read and understand them in the time that they are willing to spend, 
which is may only be only seconds. Currently people are almost always clicking 
through without reading, which makes a nonsense of the legislation. 


Q2 


Q3 


Q4 


Q5 


Apart from the recent changes to data protection legislation are there other developments 
that are having an impact on your organisation’s direct marketing practices that you think 
we should address in the code? 


Yes 


No 


If yes please specify 


The massive level of historic abuse by facebook, being reported recently, need 
addressing as examples. 


We are planning to produce the code before the draft ePrivacy Regulation (ePR) is agreed. 
We will then produce a revised code once the ePR becomes law. Do you agree with this 
approach? 


Yes 


No 


If no please explain why you disagree 


Q6 


Q7 


Q8 


Q9 


Is the content of the ICO’s existing direct marketing guidance relevant to the marketing that 
your organisation is involved in? 


Yes 


No 


If no what additional areas would you like to see covered? 


Is it easy to find information in our existing direct marketing guidance? 


Yes 


(¥] No 


If no, do you have any suggestions on how we should structure the direct marketing code? 


You need a lot more internal links. Please model this on Wikipedia. Your current advice is impossible to 


use without repeatedly stopping to google what the technical terms mean. And the relevant legislation 
open in other windows. 


Q10 Please provide details of any case studies or marketing scenarios that you would like 
to see included in the direct marketing code. 


Advertising consent is a mess. Please tell marketers exactly what they should do. 


Q1i1 Do you have any other suggestions for the direct marketing code? 


Traffic lights for consent (indicating how widely data is shared). I don't think people 
read privacy pages. 


About you: 


Qi2 Are you answering these questions as: 
a public sector worker 
a private sector worker 
a third or voluntary sector worker 
a member of the public 
a representative of a trade association 
a data subject 
an ICO employee 


other 


If you answered other, please specify: 
Co-Founder of a Martech Company 


Q13 Please provide the name of the organisation that you are representing: 
Fresh Relevance 


Q14 We may want to contact you about some of the points you have raised. If you are 
happy for us to do this please provide your email address: 


© freshrelevance.com 


Thank you for taking the time to share your views and experience. 


